H-Field Probe

I can’t find a lot of resources on actually using a magnetic probe for power analysis. I’ve tried testing this probing method by touching a loop probe connected to the LNA to various points on the multi-target victim board while the simpleserial crypto (AES) program is running. So far I haven’t found any interesting signals (nothing matching the waveform I get directly from Vout), just sine waves. Should I be expecting a similar waveform, or will the signal need some processing when I use this method?

Hello,

There should be a similar waveform - but the signal from the AVR is fairly week, so I normally don’t see as much. Can you post screen-shots of the waveforms you get?

Will be a little slower than usual due to travel for Defcon/Blackhat… also don’t have any H-probes with me to validate things!

Screenshots attached with descriptions. Let me know if you need anything else. Thanks!



For completeness, attached is the “signal” (or lack of one) that I get when the probe is not near the hardware.

Some tests/notes:

1)How is it mounted to the board? Where is the probe top located?
2) Try playing with the “phase shift” option too, sometimes this is required with the probe.

I won’t be able to do any tests until next week when I’m back in the lab!

-Colin

To find the best signal, I’m really just manually “resting” the loop on the middle of the AVR (photo attached). Would this method pick up too much noise to be useful?

@chocolate, what is the unit of the vertical axis at the captures that you posted ?

That’s a good question, considering it’s only labelled “Data”. I don’t have an answer to that, which may point to the source of my confusion about how this works. I’m using all out-of-the-box ChipWhisperer hardware and software, and so that’s why I wondered whether I needed to do anything extra with the signal (e.g., integrating).

Had a chance to replicate all this finally, think we can get this working. My setup for reference first, was the H-Probe in a similar position:
hprobe_c.jpg

Note I’ve just got something to hold it down on the chip, that’s the big black cylinder. You could tape it down or anything else stable. I also moved the jumper to “short out” the 50-ohm resistor (see jumpers in above image).

I ran the default capture script, then made the following adjustments:

  • Phase Adjust = 200
  • Gain Setting :Mode = high
  • Gain Setting :Setting = 65

The waveform looks like this:

Note the “phase adjust” is fairly critical - you might need to play around with it, as you want to get rid of that “envelope” which will change on each capture. Keep pressing “capture 1” to reduce this (might not eliminate completely - no worries).

Also perform more captures to start - say set to 500 traces, then do the attack. Just give it a try - a lot of the noise will go away on the attack.

Yeah, it’s a little ambiguous :wink: It’s been left that way for a long time as there isn’t precise calibration on the input gain, and users can add all sorts of additional probes. So rather than have some sort of incorrect units I just left them off… which was the very lazy solution.

Let me know how it goes!

Thanks for the pointers (and convincing me that it’s possible)! Using your parameters, I found a good location on the chip, taped down the probe, and got the attached waveform. I’m happy to say that I extracted the entire key! Next step for me: getting the same success with a “real” chip. Thank you again!

Awesome! Yeah that waveform looks to have some “peaks” which is a good sign!

The H-Field probe is a little more “magic” as the waveform doesn’t look nice an repeatable like it does with the shunt. But the data is there underneath the noise, so you just have to trust the math to get it out :wink:

@chocolate, could you share the attack performance using the h-probe ?

@aldaya, I don’t have the attack performance for the capture in my last post, so I quickly did a new capture, which doesn’t seem as pretty as the old waveform but still managed to extract all bits of the key except one. I’m guessing attack performance would depend on how well you can avoid noise.

New capture waveform and its performance attached.


Is someone can re-upload picture ? Seems all attachements pictures are broken in this thread.
Can be usefull as there is no H-Probe tutorial on Wiki !

Thanks

Ok i will upload picture, i successfully done the AES Xmega with H-Field Probe.

All works perfect, and i am been able to recovery keys ( random ) with more trace around ( 400-500 ).

Now need to check, if can lower trace number by spotting better area on Xmega.

Will upload picture about the Setup + config used ( Step by step )

For people who want to try and stuck with some details…

Oops - looking at fixing the forum, glad you had success! There is actually a newer H-Probe “tip” (not in the full tutorial section) at wiki.newae.com/H_Probe_Usage . Maybe we should be linking that into the tutorila section too then?

Fixed attachments - thanks for catching! Moved the forum a few weeks ago and I thought those were working, but I guess not…

Sorry to necromancer this thread - I couldn’t find many resources about how to practically do this, so I’d like to leave a contribution that hopefully helps someone someday.

I’m using a perfboard ATMega328p target with a PicoScope 2206B, an H-Field Probe and LNA (the ones from the newae store). I found the trick was to maximise the SNR by maximising the difference of average measured magnetic field between when the device is on, and when the device is off:


and when the device is on:

The setup is the h-field probe approximately 25% from the top of the ATmega328p target - it runs through an LNA, through a feed through terminator and then to the scope.

Tremendously oversampling helped as well: I used 128MS for a 16Mhz target, resulting in an extremely clean result from correlation via hamming weight of first round sbox result (yes, I know, not all the bytes are there :stuck_out_tongue:). The thinking behind this is that I can’t synchronise with my target’s clock, so I just need to get enough detail to compensate.

You can clearly see the rounds of AES consistently across a larger number of samples:


And the correlation result, based on the hamming weight of the sbox output of the first round: